Index: ch06.xml
===================================================================
--- ch06.xml (revision 11932)
+++ ch06.xml (working copy)
@@ -467,6 +467,54 @@
a local user accessing the repository via
file:/// URLs.
+ Having all transactions with the repository take place
+ over a secure tunnel can be attractive. However, creating
+ operating system user accounts for each repository user, or
+ running an Apache httpd can be
+ inconvenient. If the access control provided by
+ svnserve is sufficient, you can try using
+ an SSL tunnel without the
+ option. How to achieve this will vary
+ according to your SSL software.
+
+ Assume there is an svnserve daemon
+ running on svn.red-bean.com port 3690. To
+ create a tunnel using stunnel4 (available
+ from http://www.stunnel.org/), use the
+ following lines in the stunnel4
+ configuration file on the server:
+
+
+# in stunnel.conf
+[svn]
+accept = 4540
+connect = 127.0.0.1:3690
+
+
+ The server will now accept SSL connections on port 4540,
+ and forward them to the svnserve daemon. To
+ access this repository using openssl, Sally
+ must create a wrapper script:
+
+
+#!/bin/sh
+# access svnserve daemon over an SSL tunnel
+exec openssl s_client -quiet -connect $1:4540 2>/dev/null
+
+
+ If this script is called svnssl, then
+ adding an ssl schema in her configuration
+ file will allow Sally to access repositories running on
+ svn.red-bean.com with the URL
+ svn+ssl://svn.red-bean.com/.
+
+
+# in ~/.subversion/config
+[tunnels]
+ssl = svnssl
+
+
Servers and Permissions: A Word of Warning
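Review bot: the wrapper script's `exec openssl s_client -quiet -connect $1:4540 2>/dev/null` line never checks the server certificate, and it discards stderr, so any verification failure that s_client reports is hidden from Sally. As written, the tunnel gives encryption but no server authentication, so an on-path host can terminate the SSL session and relay the svnserve traffic. I would have the text tell the reader to pass a trusted CA bundle with `-CAfile` together with `-verify_return_error` so a bad certificate aborts the connection, and to quote `"$1"`. If stderr has to stay quiet for the tunnel to work, the paragraph should say so and state the tradeoff. On the server side, the stunnel.conf fragment shows only `accept` and `connect`. It is worth adding a sentence that the service needs a certificate configured. It should also say that svnserve has to listen on 127.0.0.1 only (for example with `--listen-host`), otherwise port 3690 stays reachable in the clear and the "all transactions over a secure tunnel" claim in the first paragraph does not hold.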